Authentication Bypass Vulnerability on D-Link DSL-2740B Gateway
CVE-2013-2271

Currently unrated

Key Information:

Vendor: D-Link
Status: Dsl-2740b Firmware; Dsl-2740b
Vendor: CVE Published:; 19 November 2013

Summary

The D-Link DSL-2740B Gateway, when running firmware EU_1.0, is susceptible to a vulnerability that allows remote attackers to bypass authentication when an active administrator session exists. By manipulating requests sent to login.cgi, attackers can gain unauthorized administrative access without needing valid credentials, which could lead to further exploitation of the device and compromise the network security.

References

http://securityadvisories.dlink.com/security/publication....

x_refsource_CONFIRM

http://packetstormsecurity.com/files/120613/dlinkdsl2740b...

x_refsource_MISC

http://www.webapp-security.com/2013/03/d-link-dsl-2740b-a...

x_refsource_MISC

EPSS Score

26% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 19, 2013